author: Andrew Zaborowski <andrew.zaborowski@intel.com> 2021-01-04 17:40:48 +0100
committer: Jarkko Sakkinen <jarkko@kernel.org> 2021-02-16 10:40:27 +0200
commit: 40d32b59e37346fe89d27f83279ad81cd7dcc4a5
parent: 724eaba40ef623194196323c05baa6a0b4bd0210
Commit Summary:
Diffstat:
1 file changed, 4 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index 77ebebada29c..84cefe3b3585 100644
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring,
* @payload: The payload of the new key.
* @trusted: A key or ring of keys that can be used to vouch for the new cert.
*
- * Check the new certificate only against the key or keys passed in the data
- * parameter. If one of those is the signing key and validates the new
- * certificate, then mark the new certificate as being ok to link.
+ * Check the new certificate against the key or keys passed in the data
+ * parameter and against the keys already linked to the destination keyring. If
+ * one of those is the signing key and validates the new certificate, then mark
+ * the new certificate as being ok to link.
*
* Returns 0 if the new certificate was accepted, -ENOKEY if we
* couldn't find a matching parent certificate in the trusted list,